skip navigation links 
 
 Search Options 
Index | Site Map | FAQ | Facility Info | Reading Rm | New | Help | Glossary | Contact Us blue spacer  
secondary page banner Return to NRC Home Page

Home > Electronic Reading Room > Document Collections > Fact Sheets > Backgrounder - Nuclear Security – Five Years After 9/11

Backgrounder - Nuclear Security – Five Years After 9/11

Printable Version PDF Icon

Background

Security

While security of the nuclear facilities and materials the NRC regulates has always been a priority, the terrorist attack of September 11, 2001, brought heightened scrutiny and spurred increasingly stringent security requirements. Today, five years after the attack, NRC-regulated nuclear facilities are among the most secure of the nation’s critical infrastructure. In fact, one Member of Congress recently rated nuclear plant security the strongest among the nation’s civilian infrastructure.

This heightened security is achieved in layers, with multiple approaches concurrently at work – just as safety in nuclear power plants is accomplished through duplicate back-up systems. To begin with, nuclear power plants are inherently secure, robust structures, built to withstand hurricanes, tornadoes and earthquakes. Additional security measures are in place: well trained and armed security guards; equipment and structures, including physical barriers, intrusion detection and surveillance systems; and access controls. Another layer of protection is in place for coordinating threat information and response. The NRC works closely with the Department of Homeland Security (DHS), intelligence agencies, the Department of Defense and local law enforcement. These relationships ensure the NRC can act quickly on any threats that might affect its licensed facilities and allows effective emergency response from “outside the fence” should a serious terrorist attack occur.

While many of the details of the NRC’s security requirements are withheld to avoid assisting potential adversaries, general information about the security enhancements of the past few years is available to the general public from a variety of sources, including NRC’s Web site, NRC publications, and other publicly available sources

Nuclear Facility Security

Over the past five years, the NRC has required many security enhancements at its licensed power reactors, decommissioning reactors, independent spent fuel storage installations, research and test reactors, uranium conversion facilities, gaseous diffusion plants and fuel fabrication facilities. The NRC directed facilities to upgrade their physical security plans, guard training and qualification plans, and contingency plans. These facilities now have, among other heightened measures:

  • More patrols

  • Stronger and more capable security forces

  • Additional physical barriers

  • Greater stand-off distances for vehicle checks

  • More restrictive site access controls

  • Enhanced emergency preparedness and response plans

Nuclear power plants and fuel fabrication facilities must show they can defend against a set of adversary characteristics outlined in the NRC’s Design Basis Threat (DBT). While the details of the DBT are not public, in general, it outlines threats and adversary characteristics that these facilities must defend against with high assurance. The NRC supplemented the DBT in April 2003. In October 2006, a proposed final rule related to the DBT is expected to go before the Commission. The final rule would consolidate the supplemental requirements established by the April 29, 2003, DBT orders with the existing DBT requirements in NRC regulations. The final rule will also meet the NRC’s obligation under the 2005 Energy Policy Act to initiate and complete a rulemaking revising the DBT, considering the 12 factors specified in the law. The NRC is constantly re-evaluating the threat environment and will consider additional changes to the DBT in the future, if warranted.

The NRC has also significantly increased its oversight of security capabilities. In 2000, NRC inspectors spent about 40 staff-weeks a year at nuclear power plants directly inspecting security (excluding special “force-on-force inspections”). By 2003, this inspection effort had increased five-fold to 205 staff-weeks. These inspections specifically focused on the implementation of “compensatory measures” the NRC required after the 2001 attacks to address the new threat environment. In 2004, the NRC implemented a new “baseline inspection program” for security and by 2005, direct staff inspections at nuclear power plants had increased further to about 400 staff-weeks a year.

The NRC is also proposing rules to amend current security regulations and add new security requirements. The proposed rulemaking would: 1) apply systemwide security requirements imposed by Commission Orders issued after the terrorist attacks of September 11, 2001, based upon experience and insights gained by the Commission during implementation; 2) fulfill certain provisions of the Energy Policy Act of 2005; 3) add several new requirements that resulted from insights from implementation of the security orders, review of site security plans, and implementation of the enhanced baseline inspection program and force-on-force exercises; 4) ensure enhanced security is integral to new reactors; and 5) impose requirements to assess and manage site activities that can adversely affect safety and security.

Security Exercises

The NRC sets the rules and then tests the security response at nuclear power facilities with security performance evaluations often called “force-on-force” exercises. In these exercises, a specially trained mock adversary force “attacks” the facility. In 2004, the NRC implemented more realistic force-on-force exercises on a more aggressive schedule that tests facilities more frequently (at least every 3 years) and under more challenging expectations. Since late 2004, nearly 40 of these full-scale exercises have been conducted under this enhanced evaluation program and a report on the program was sent to Congress in July 2006. Efforts are ongoing to further enhance realism and “lessons learned” from these exercises. For example, the NRC is working with the nuclear industry, State and local responders, and DHS to include more security-based event scenarios into emergency preparedness drills and exercises. The NRC is also considering the use of a technically advanced simulation tool used by the Department of Defense to simulate joint military exercises. This technology can help the NRC and its nuclear plants analyze and improve physical security by modeling different attack scenarios on specific facilities.

Security Personnel

Security Personnel

One of the most important components of the security programs at nuclear power facilities is the quality of its guard force. Over the past five years, the NRC has required power plants to add more training and higher qualification standards for security personnel, while substantially increasing the number of officers on the force. Plant security officers, for example, must now be trained under more realistic conditions and against moving targets. In order to minimize security personnel fatigue and ensure a vigilant and effective guard force, the NRC has instituted additional fitness-for-duty requirements and work hours controls.

In accordance with the Energy Policy Act of 2005, the NRC has also strengthened requirements for fingerprinting and background checks of certain plant employees. On January 4, 2006, the NRC entered into an agreement with the federal government’s Terrorist Screening Center to review records of individuals with unescorted access to nuclear power reactor facilities. This collaborative effort automated and streamlined the collection and dissemination of information used to determine the trustworthiness of individuals who have unescorted access to certain vital areas of nuclear power plants. It also enhances the process of identifying anyone with access to these areas who may pose a threat to national security.

Research

Research has always played a large part in supporting the NRC’s safety mission. Throughout the past five years, changes in the threat environment and improvements in technology that allow more sophisticated analyses, have accelerated the pace of power plant research and security studies. For example, the NRC initiated a security and engineering review based on the September 11th events. The review looked at what might happen if terrorists used an aircraft to attack a nuclear power plant. The NRC also assessed the potential consequences of other types of terrorist attacks. National experts from Department of Energy (DOE) laboratories used state-of-the-art experiments and structural and fire analyses to assist the NRC.

While the details are classified, the studies confirm that the plants are robust, and the likelihood of a radioactive release affecting public health and safety is low. Another study analyzed the ability of nuclear power plants to withstand damage to, or loss of, large areas of the plant caused by a range of postulated attacks that could result in large fires and explosions. After examining a number of emergency scenarios involving operating reactors, spent fuel pools and dry-cask storage installations, the NRC has concluded that the existing planning basis used to develop nuclear power plant emergency plans remains valid and is confident that the public near those facilities can be adequately protected should an attack occur. As part of these analyses, enhancements were identified and the NRC ordered changes at nuclear power plants. Moreover, based on insights from these studies, industry best practices, and lessons-learned from the response to the attacks of September 11, 2001, additional mitigating capabilities have been put in place at all nuclear power plants.

Cyber Security

While the September 11 attacks didn't have a "cyber" component, it is no secret that cyber security is a growing and serious issue. The NRC has already issued a series of advisories and orders requiring nuclear power plants to take certain actions, including enhancing protection of their computer systems. Several new rulemakings are proposing further cyber security requirements. One proposed rule would require nuclear power plants to implement strategies to protect computer systems, detect cyber attacks, and isolate and neutralize cyber intruders. However, it is important to note that computer systems that help operate the reactors and other power reactor safety equipment are isolated from the internet to protect against outside intrusion. As suggested by the Energy Policy Act of 2005, the Commission is also considering adding a cyber threat component to the DBT. In addition, the NRC routinely interacts with the DHS’s National Cyber Security Division to coordinate federal cyber security activities in the nuclear sector.

Security Against Dirty Bombs

The security of radioactive materials has been a concern of NRC due to the possibility that such material could be used to build a radiological dispersal device – a type of conventional explosive combined with radioactive material that could spread radioactive contamination. While a so-called “dirty bomb” is unlikely to cause substantial deaths or even contaminate a very large area, it could cause panic and disruption. The NRC works with its Agreement States, DHS, DOE, the FBI, and the International Atomic Energy Agency, as well as manufacturers and distributors of nuclear materials, to protect certain radioactive material from theft or diversion.

In recent years, security measures related to nuclear material have been increased. Improvements and upgrades have been made to the Nuclear Materials Management and Safeguards System, a joint NRC-DOE database that captures the movement and location of certain forms and quantities of nuclear material. Also, development of the National Source Tracking System is progressing and is slated for full operation in mid-2007. This system will allow radioactive sources in quantities of concern to be closely tracked. In the meantime, the NRC's Interim Inventory of Radioactive Sources, established to address international requirements on source tracking, has been updated annually. This inventory has proven to be a valuable resource and was used to ensure the safety of radiation sources following hurricanes Katrina, Rita and Wilma. Also, improvements now allow U.S. Customs and Border Protection agents to get nearly immediate validation of NRC licenses associated with materials coming into the U.S.

To be ready in the event of a radiological or nuclear-related terrorist event, the NRC and other federal agencies drafted guidance for officials to use in response and long-term recovery planning. The NRC joined DHS, the Environmental Protection Agency (EPA), the Department of Defense, DOE and others to develop the guidance. Experts who developed the guidance recognized that existing programs such as EPA's Superfund and NRC's standards for decontamination and decommissioning nuclear power plants were useful in creating the new guides. The guides are flexible in order to address the broad range of scenarios that could occur – a range larger than that addressed by most previous programs or recommendations addressed. DHS published the "Application of Protective Action Guides for Radiological Dispersal Device and Improvised Nuclear Device Incidents," in the Federal Register in 2005 for public comment, but it was immediately useful to states and localities.

Coordination and Communications

The NRC doesn’t stand alone in protecting its licensees. The NRC and DHS coordinate resources and work together in today’s threat environment. One tangible example is the recently issued National Infrastructure Protection Plan, which, when coupled with the Nuclear Sector Specific Plan and National Response Plan, facilitates the sharing of information and provides for a coordinated, comprehensive response to threats and events. Federally integrated response is also illustrated by DHS’s decision to begin infrastructure reviews in the nuclear sector, making it a model for future reviews of security at other critical industries. The Comprehensive Review initiative (a DHS-led program to evaluate national critical infrastructure protection capabilities) integrates a full range of security, law enforcement and emergency preparedness professionals to identify strengths and potential weaknesses of the nation’s critical infrastructure and key resources. Nuclear power plants were identified as an initial area for review because of the high level of planning already in place, and all plants have either been reviewed or are scheduled to be reviewed in the next year.

The NRC has also developed a Threat Advisory and Protective Measures System that corresponds to the color-coded Homeland Security Advisory System. The NRC system identifies specific actions to be considered by NRC licensees for each threat level to counter projected terrorist threats. If a credible threat emerges against a specific nuclear facility, additional protective measures may be mandated even without a change in the overall threat level.

The timely sharing of accurate information among the NRC, other federal agencies and the nuclear industry is critical to preventing or mitigating the effects of terrorist attacks. NRC staff are assigned to the Domestic Nuclear Detection Office, the National Counterterrorism Center and the DHS Infrastructure Protection Office to support the integrated assessment of security-related information. The NRC Operations Center, located in the agency’s headquarters in Rockville, Md., provides an around-the-clock conduit for disseminating information and coordinating response, and NRC's highly-trained specialists review intelligence and threat-related information from a range of sources in order to assess suspicious activity related to its licensees. Secure communications systems also allow the NRC to communicate with nuclear regulators in other countries.

The NRC has always been committed to open communication with the public. However, since September 11th, the NRC realized that security-related information it routinely made public could possibly aid potential adversaries seeking to steal or divert radioactive materials or attack or sabotage a nuclear power plant. With that reality, NRC revised its information dissemination policy, and the public is provided only limited information on regulatory decisions or actions involving security inspection, assessment or enforcement. The Commission regularly reassesses this policy and in mid-2006 began making certain results of its security inspection program for nuclear power plants available to the public. The NRC has also initiated a series of annual public meetings on security and emergency preparedness, allowing the flow of some information to external stakeholders and the public without jeopardizing national security.

NRC Emergency Operations Center and Emergency Plans

NRC Emergency Operations Center

The NRC’s Emergency Operations Center is staffed around the clock to receive information regarding licensed nuclear materials related events, assist in emergency response activities, and promptly notify other Federal Agencies of those events. In recent years, upgrades to the center have enhanced effectiveness of response and coordination. In 2004, for example, the NRC completed a major overhaul of the center’s communications and computer systems. Similar upgrades have also been completed in the NRC’s four Regional Incident Response Centers. The NRC has increased its participation in emergency exercises related to security and counter-terrorism. Recent exercises have included such scenarios as dirty bombs, hijacked aircraft, stolen radioactive material, and sabotage of nuclear facilities.

The NRC emergency response organization routinely participates in these exercises as well as responds to actual events involving NRC licensees. Following both exercises and actual event response, the NRC critiques its actions and continually improves its response capabilities. As an example, the NRC coordinated response actions related to nuclear power plants affected by hurricanes Katrina, Rita and Wilma. The NRC and DHS coordinated in the post-event reviews of licensee, and state and local emergency preparedness and response capabilities and jointly determined when those capabilities were appropriately restored to support nuclear power plant re-start. The NRC participated in the federal review of lessons learned from Hurricane Katrina, and implemented changes in procedure and protocol to enhance readiness for future hurricane seasons.

In 2005, the NRC provided nuclear power plants with additional enhancements to security-related emergency preparedness actions previously implemented by earlier mandatory directives and advisories. These enhancements followed lessons learned from licensee inspections, observations of emergency preparedness drills and exercises, and comments received from a variety of stakeholders including State and local emergency response agencies and the public. In addition, the NRC Commission has directed the staff to review existing emergency preparedness regulations and guidance and recommend program improvements. Again, the NRC solicited and received a large number of comments from stakeholders and is considering those comments in the development of recommendations. The NRC will continue to interact with appropriate stakeholders to continually improve emergency preparedness capabilities at nuclear power plants and nuclear materials facilities.

Other Security Information can be found at:

September 2006


Privacy Policy | Site Disclaimer
Tuesday, February 20, 2007